When user login, I'm storing user_id in Session variable and on second page I'm checking on page load if user_id exists then fine, otherwise redirect to sign in page but when I login and and redirected to next page after few seconds it will redirect on login page. I have tried all solutions but all in vain
Important Note:
Another thing is that application working fine on development server and also on local IIS in LAN but on live server this issue is occurring.
Following web.config file code is
<system.web>
<customErrors mode="Off" />
<trust level="Full" />
<authentication mode="Forms">
<forms loginUrl="~/Security/Registration" timeout="30"
slidingExpiration="true" />
</authentication>
<sessionState timeout="30"></sessionState>
<compilation targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
Why don't you update sessionState with below line :
<sessionState mode="InProc" cookieless="false" timeout="30" />
You can set timeout in web.config
<system.web>
<sessionState mode="InProc" cookieless="false" timeout="30" />
....
Related
I have developed a simple ASP.Net MVC 4 application using Windows Authentication to run on our company's local network. It works fine when deployed on IIS. But if I run the application through Visual studio, I get error message
Here is how my Web.Config file looks like
<system.web>
<authentication mode="Windows" />
<roleManager defaultProvider="WindowsProvider" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime maxUrlLength="32767" maxQueryStringLength="32767" targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<!--<remove name="FormsAuthenticationModule" />-->
</modules>
<security>
<requestFiltering>
<requestLimits maxUrl="32767" maxQueryString="32767" />
</requestFiltering>
</security>
For debugging, Application is configured to run using "Local IIS Web Server" with "Use IIS Express" option checked in Applications's Properties ->Web tab.
It turns out to be that I had to Enable Windows Authentication, Disable Anonymous Authentication in the Development Server Properties of my Project.
You need to add to project Web.config this:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" />
</authentication>
</system.web>
Where /Account/Login is your login method from controller.
Make sure your Directory Browsing is enabled.
See this link for adding user in IIS.
I have converted a simple html WebSite to a Web Application.
And enabled forms authentication .aspx pages will require login now.
But the old .html pages can still be opened directly without login.
Must I convert all pages to .aspx or can I enforce login on .html pages as well?
Web.Config:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".aspxFormsAuthentication" cookieless="AutoDetect" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="index.html">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
</configuration>
The location element didn't help.
It seems this is not possible and I indeed need to convert the pages that need login to .aspx pages.
I have a site that uses forms authentication site wide, with some pages within as exceptions where they are allowed to be viewed with anonymous access. I want the default doc, index.aspx to be viewable via anonymous access. It grants me access if I specify index.aspx in the url, but if I type in the domain name only, I get redirected to connectionTest.aspx (the login page for the site). I have confirmed that index.aspx is the default doc. So there's something wrong with my web config entry for index.aspx
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="connectionTest.aspx" timeout="30" />
</authentication>
<sessionState mode="InProc" cookieless="false" timeout="30" />
<authorization>
<deny users="?" />
</authorization>
<location path="~/index.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="index.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Your issue is come because you did not have declare the domain on the form authentication. Because the authentication is base on cookie and you need to access it with out the www. in front you need to declare it as:
<authentication mode="Forms">
<forms name=".ASPXAUTH" domain="demo.com" loginUrl="connectionTest.aspx" timeout="30" />
</authentication>
when you set the domain with out the www. in front then all cookies from the domain are the same one, if you do not declare that, then each cookie is depends from the sub-domain and are different - so you logged out.
the same stands and for the cookie it self.
Similar answer : Multiple applications using same login database logging each other out
I have the following code in my web config for login
<forms name="HonareZendegi" timeout="4300" defaultUrl="/admin/Default.aspx" loginUrl="/Login.aspx" />
and this one for clicking on login button:
FormsAuthentication.RedirectFromLoginPage(txtLoginName.Text, ckbremember.Checked);
but I have no idea why when I upload my project on my host my login keeps expiring after a short time...like 2 minutes or so...
how can I prevent this?
Try setting the sessionState timeout in your Web.config:
<configuration>
<system.web>
<sessionState mode="InProc" timeout="4300" />
</system.web>
</configuration>
I'm having a problem with Forms authentication in my website. At the moment when a user is not logged in they get redirected to a login page, which works fine. However, I want an unauthorised user to get redirected to a new page (welcome.aspx). Having changed the web.config I get the following HTTP Error 500.19 - Internal Server Error:
Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'redirect'
And here is the relevant part of my web.config:
<authentication mode="Forms">
<forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="welcome.aspx" slidingExpiration="true" />
</authentication>
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
If I set Visual Studio to use the Visual Studio Development Server instead of my Local IIS WebServer, it all works fine. Also if I rename welcome.aspx to login.aspx it works fine.
Any Help is appreciated.
Have you tried
<authentication mode="Forms">
<clear />
<forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="welcome.aspx" slidingExpiration="true" />
</authentication>